Configuring Qumulo Authoritative DNS (QDNS)

This section explains how to configure QDNS on your Qumulo cluster.

How Qumulo Authoritative DNS (QDNS) Enables DNS Resolution and Load Balancing

QDNS works by hosting a DNS zone directly on a Qumulo cluster. This allows Qumulo Core to:

Send automatic DNS responses by using the floating IP addresses of nodes in a cluster
Load-balance client traffic across nodes in a cluster
Support resolution of IPv4 and IPv6 addresses
Support multi-network and multi-tenant environments
Filter queries based on client source

To enable automatic DNS responses and traffic load balancing, every Qumulo cluster hosts and manages a single fully qualified domain name (FQDN), which provides DNS records to all queries.

Note
Regardless of the number of tenants or network configurations, it is possible to configure only one FQDN for every Qumulo cluster.

DNS Access for Clients

To access the floating IP addresses of the nodes in the cluster, a client can query subdomains of the configured FQDN by using a naming format based on the network ID. For example, if the FQDN grumpquat-lb.example.com is configured on a cluster which has floating IP addresses from 203.0.113.1 to 203.0.113.4, a query to 1.grumpquat-lb.example.com returns one of the floating IP addresses by using load balancing.

Note
The base domain never resolves to an IP address.

To simplify client access, you can configure CNAME records that point to the network-specific domain. For example:

CNAME grumpquat.qumulo.com. 1.grumpquat-lb.qumulo.com.

This allows client connections to grumpquat.example.com to benefit from load-balanced traffic distribution.

Prerequisites

Before you enable QDNS on your Qumulo cluster, ensure that you have:

Administrative access to your Qumulo cluster
Permissions to configure DNS (for example, create NS records) and DNS delegation for your domain

Configuring DNS Delegation for Your Domain

To route DNS queries from your cluster’s FQDN to QDNS, you must configure DNS delegation according to your DNS provider:

Microsoft DNS: Create a delegated zone. For more information, see Manage DNS zones using DNS server in Windows Server in the Windows Server documentation.
Infoblox: Configure zone delegation. For more information, see Configuring Delegated, Forward, and Stub Zones in the Infoblox documentation.
Other DNS Providers: If you use a cloud DNS provider (such as Amazon Route 53, Microsoft Azure DNS, or Google Cloud DNS) and the cloud service isn’t able to communicate with your Qumulo cluster directly, you must create NS (Name Server) records in the parent zone and point them to your Qumulo cluster’s name server IP addresses. For example:
```
grumpquat-lb.example.com. NS ns1.grumpquat-lb.example.com.
grumpquat-lb.example.com. NS ns2.grumpquat-lb.example.com.
grumpquat-lb.example.com. NS ns3.grumpquat-lb.example.com.
grumpquat-lb.example.com. NS ns4.grumpquat-lb.example.com.
    
ns1.grumpquat-lb.example.com. A 203.0.113.1
ns2.grumpquat-lb.example.com. A 203.0.113.2
ns3.grumpquat-lb.example.com. A 203.0.113.3
ns4.grumpquat-lb.example.com. A 203.0.113.4
```
When you specify the name server IP addresses, use approximately four floating IP addresses from your Qumulo cluster which will act as the DNS endpoints that respond to queries for the delegated zone.

Note
For multi-tenant clusters, ensure that your organization’s DNS resolvers can reach at least one of the IP addresses from at least one network in your DNS infrastructure.

Configuring QDNS by Using the qq CLI

This section explains how to enable QDNS, restrict DNS queries to specific client IP addresses, remove host restrictions from DNS queries, modify the fully qualified domain name (FQDN) for your QDNS configuration, and disable QDNS by using the qq CLI.

To Enable QDNS for All Nodes

Use the qq authoritative_dns_modify_settings command with the --enable flag and specify your FQDN. For example:

qq authoritative_dns_modify_settings \
  --enable \
  --fqdn grumpquat-lb.example.com.

Tip
Include the trailing dot at the end of your FQDN.

To View the Current QDNS Configuration

Use the qq authoritative_dns_get_settings command.

The following is example output.

{
  "enabled": true,
  "fqdn": "grumpquat-lb.example.com.",
  "host_restrictions": ["203.0.113.0/24", "203.0.113.42"]
}

To Restrict DNS Queries to Specific Client IP Addresses

To limit DNS queries to authorized resolvers, add host restrictions to your QDNS configuration.

Tip
You can specify multiple IP addresses or CIDR blocks separated by spaces.

Use the qq authoritative_dns_modify_settings command and specify the host restrictions. For example:

qq authoritative_dns_modify_settings \
  --host-restrictions 203.0.113.0/24 203.0.113.42

In this example, the command restricts DNS queries to the 203.0.113.0/24 subnet and the IP address 203.0.113.42.

To Remove Host Restrictions from DNS Queries

Use the qq authoritative_dns_modify_settings command with the --disable-host-restrictions flag.

To Modify the Fully Qualified Domain Name (FQDN) for Your QDNS Configuration

Important

Include the trailing dot at the end of your FQDN.
After you change the FQDN for your QDNS configuration, you must reconfigure the DNS delegation for your domain.

Use the qq authoritative_dns_modify_settings command and specify your FQDN.

qq authoritative_dns_modify_settings \
  --fqdn new-domain.example.com.

To Disable QDNS for All Nodes

Use the qq authoritative_dns_modify_settings command with the --disable flag.

Note
When you disable QDNS, any previously configured FQDN and host restrictions remain on the cluster in an inactive state.